Specifications
Idle Session Timeout
When a login session is left unused for some time, it is prudent to disconnect the user. This
applies to web login sessions (via cookies) and SSH logins. This feature may be disabled by
setting the value to zero.
Internal Firewall Setup
As an additional layer of protection, we offer an internal firewall. When this feature is enabled,
connections will only be accepted from listed hosts. For example, the administrator can key in
10.1.0.1/240 in “Accept” filed, that is, the IP of the client’s computer between 10.1.0.1 and
10.1.0.240 allows accessing the Digital KVM via IP with the right username and password.
On the other hand, the user can key in 192.168.1.0/20, for example, in “Reject” field, that is
the IP of the client’s computer between 192.168.1.0 and 192.168.1.20 will be rejected to
access the Digital KVM via IP. This makes the Digital KVM via IP invisible to them. There
are 3 ways to key in the IP addresses:
1. Specific IP addresses: for example, 10.1.0.1, 10.1.0.5,….
2. Net Range: for example, 10.1.0.1/240
3. Host Names: for example, yahoo.com, google.com,…
WARNING: Be careful NOT to lock yourself out! Be certain that your IP will be accepted
by your filter.
VNC Password Policy
When a new VNC connection is established, the remote user must be authenticated. Standard
VNC protocol does not support “username”; it only supports passwords. As long as all users
have unique passwords, we can infer which user is connecting based on the password
provided. Alternatively, you may enable a second login screen that will require a valid
username and password. This is done after the VNC connection is established using menus
and prompts generated by the firmware. We call this second method “fancy login”.
If it is enabled, fancy login will be required from Java VNC clients as well, which is unfortunate
because the one-time password scheme cannot be used, and Java VNC clients have already
logged into the web server securely. Also, VNC normally encrypts passwords and uses a
challenge/hashed response system that is more secure than the fancy login method. This isn’t
a concern if the entire connection is encrypted with SSH or SSL however.
Trust SSH Tunnels
If the incoming VNC connection is coming in over an SSH tunnel, the SSH user / password
combination is used and no password is required. Disable this behavior if you suspect that
your SSH client machine is not secure and you are concerned that your SSH tunnels may be
used by other people.
Access Sharing Policy
There are 3 modes available:
1. Disables – Use regular give/take method (default): by default we allow all users to take
keyboard and mouse control of the system (after connecting via VNC) using a single mouse
click.
2. Enforce single user access policy (visible screen): for some circumstances require more
strict control of this capability, the admin user can select this mode for the highest priority
access. With a single-user access policy, only one user may control the host computer(s).
New connections are permitted, but the admin user. They will be able to view the screen
ONLY, but control the host computer(s). Once the first user disconnects (or otherwise gives
up control), the second user will be able to access the system immediately.
3. Enforce single user access policy (blank screen contents): for some circumstances
require more strict control of this capability, the admin user can select this mode for the
highest privacy; no one can see what the admin user is doing from the VNC screen. That is,
23